diff --git a/README.md b/README.md
index 8abfbaa9..8aa9524e 100644
--- a/README.md
+++ b/README.md
@@ -11,6 +11,7 @@ SIGNUP_PAGE_ENABLED=...
 CONSUMER_KEY=...
 CONSUMER_SECRET=...
+ACCESS_TOKEN=...
 ```
 ## Run
diff --git a/app/lti_session_passback/lti/check_request.py b/app/lti_session_passback/lti/check_request.py
index 727ad913..5f952a22 100644
--- a/app/lti_session_passback/lti/check_request.py
+++ b/app/lti_session_passback/lti/check_request.py
@@ -4,6 +4,7 @@ from .lti_validator import LTIRequestValidator
+from os import environ
 def check_request(request):
 if not mock_lti_auth():
@@ -13,6 +14,13 @@ def check_request(request):
 def _check_request(request):
+ # access by token
+ access_token = request.args.get('access_token', None)
+ if access_token and (access_token == environ.getenv('ACCESS_TOKEN')):
+ # if request has access_token, and it's equal to ACCESS_TOKEN from env -> accept, esle - check user
+ return True
+
+ # access by LTI user
 provider = FlaskToolProvider.from_flask_request(
 secret=ConsumersDBManager.get_secret(request.args.get('oauth_consumer_key', None)),
 request=request)
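Review bot: `environ.getenv('ACCESS_TOKEN')` in `_check_request` will raise AttributeError, because `from os import environ` (added in the import hunk) binds the `os.environ` mapping, which has `.get()` but no `.getenv()`; as written, any request carrying a non-empty `access_token` parameter errors out instead of being checked. Since this branch returns True before the LTI OAuth validation that follows, the comparison should also be constant-time and fail closed when the variable is unset: `expected = environ.get('ACCESS_TOKEN')` then `if access_token and expected and hmac.compare_digest(access_token.encode(), expected.encode()):` (needs `import hmac`). The token is read from `request.args`, so it will appear in URLs, server access logs and Referer headers; accepting it from a request header instead would keep the shared secret out of those places. The body of `_check_request` continues past the end of the hunk, so what identity or session a token-authenticated request gets downstream is not visible here and should be confirmed. The added comment also has a typo (`esle`).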